Bad Actors Get Smart: Phishing Artists Target Smaller Lists

Phishing artists apparently have learned some lessons from legitimate email marketers. The main one is that they are better off sending spam to smaller lists, according to How Modern Email Phishing Attacks Have Organizations On The Hook, a study by Ironscales.

Of the 8,500 verified phishing attacks studied by Ironscales -- those that bypassed spam filters -- 77% targeted ten mailboxes or less, and 33% went to only one. And there are good reasons for this, according to Ironscales:

  • Attackers want to stay under the radar.
  • More sophisticated targeting allows for tailored messages 
  • Hyper-personalization is better at tricking people.

In line with this, Ironscales found that so-called spear phishing is “increasingly laser-designated.”

Scam artists have also discovered that it’s better to conduct the attacks as quickly as possible: Over 47% of the phishing efforts studied lasted less than 24 hours.

However, 35% went on for twelve months or more, largely because they were able to beat email security safeguards. They did this by using polymorphism techniques, “changing email artifacts like the sending IP, subject lines and elements of the email body,” Ironscales writes.

Why? For one thing, most phishing scam artists have “limited threshold for attack duration.” And more targeted campaigns tend to last less time. However, “Malware drip campaigns are successfully beating traditional spam filters and, once they do, the attacks continue to perpetrate for long periods of time,” Ironscales continues. 

How do you fight them? With machine learning. Without it, it can take weeks, even months, to get inside phishing attacks. Ironscales claims. This is compounded by “overburdened security teams, too many false positives and a lack of incident response technology.”

Spoofing attacks are also on the rise, although they tend to be picked up by spam filters. But they’re more effective when they target internal executives such as CEOs instead of large brands.

Of the phishing campaigns studied, 95% were “highly targeted campaigns, with the majority impersonating internal communications teams or individuals (i.e. CEO fraud). “

Not that brand-spoofing has gone away. The ten most victimized brands are:

  • DHL
  • Google
  • Amazon
  • Paypal
  • Yahoo
  • Microsoft
  • Apple
  • Vodafone
  • Facebook
  • Fedex

Our conclusion? That scam artists are both spoofing -- and learning -- from the best.

Methodology: For this report, Ironscales analyzed data from more than 100 of its customers and 500,000 mailboxes on four continents. 

Next story loading loading..